> PHP Multiple Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Less critical
> Unknown, Security Bypass
> Local system
> PHP 4.4.x
> PHP 5.1.x
> Some vulnerabilities have been reported in PHP, where some have
> unknown impacts, and others can be exploited by malicious, local
> users to bypass certain security restrictions.
> 1) Missing safe_mode and open_basedir verification exists in the
> "file_exists()", "imap_open()", and "imap_reopen()" functions.
> 2) Some unspecified boundary errors exists in the "str_repeat()" and
> "wordwrap()" functions on 64-bit systems.
> 3) The open_basedir and safe_mode protection mechanisms can be
> bypassed via the cURL extension and the realpath cache.
> 4) An unspecified boundary error exists in the GD extension when
> handling malformed GIF images.
> 5) A boundary error in the "stripos()" function can be exploited to
> cause an out-of-bounds memory read.
> 6) Incorrect memory_limit restrictions exists on 64-bit systems.
> Other issues which may be security related have also been reported.
> Update to version 4.4.4 or 5.1.5.
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> ORIGINAL ADVISORY: